package grails.plugin.springsecurity.web.access;

import grails.util.GrailsUtil;
import java.io.IOException;
import java.util.Collection;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator;
import org.springframework.util.Assert;

/* loaded from: input_file:embedded.war:WEB-INF/classes/grails/plugin/springsecurity/web/access/GrailsWebInvocationPrivilegeEvaluator.class */
public class GrailsWebInvocationPrivilegeEvaluator extends DefaultWebInvocationPrivilegeEvaluator {
    protected static final FilterChain DUMMY_CHAIN = new FilterChain() { // from class: grails.plugin.springsecurity.web.access.GrailsWebInvocationPrivilegeEvaluator.1
        @Override // javax.servlet.FilterChain
        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException, ServletException {
            throw new UnsupportedOperationException("GrailsWebInvocationPrivilegeEvaluator does not support filter chains");
        }
    };
    protected static final HttpServletResponse DUMMY_RESPONSE = DummyResponseCreator.createInstance();
    protected final Logger log;
    protected AbstractSecurityInterceptor interceptor;

    public GrailsWebInvocationPrivilegeEvaluator(AbstractSecurityInterceptor abstractSecurityInterceptor) {
        super(abstractSecurityInterceptor);
        this.log = LoggerFactory.getLogger(getClass());
        this.interceptor = abstractSecurityInterceptor;
    }

    @Override // org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator, org.springframework.security.web.access.WebInvocationPrivilegeEvaluator
    public boolean isAllowed(String str, String str2, String str3, Authentication authentication) {
        Assert.notNull(str2, "uri parameter is required");
        if (str == null) {
            str = "/ctxpath";
        }
        FilterInvocation createFilterInvocation = createFilterInvocation(str, str2, str3);
        this.log.trace("isAllowed: contextPath '{}' uri '{}' method '{}' Authentication {} FilterInvocation {}", str, str2, str3, authentication, createFilterInvocation);
        Collection<ConfigAttribute> attributes = this.interceptor.obtainSecurityMetadataSource().getAttributes(createFilterInvocation);
        if (attributes == null) {
            this.log.trace("No ConfigAttributes found");
            return !this.interceptor.isRejectPublicInvocations();
        }
        if (authentication == null) {
            this.log.trace("Not authenticated");
            return false;
        }
        try {
            this.interceptor.getAccessDecisionManager().decide(authentication, createFilterInvocation, attributes);
            this.log.trace("{} allowed for {}", createFilterInvocation, authentication);
            return true;
        } catch (AccessDeniedException e) {
            if (!this.log.isDebugEnabled()) {
                return false;
            }
            this.log.debug(createFilterInvocation + " denied for " + authentication, GrailsUtil.deepSanitize(e));
            return false;
        }
    }

    protected FilterInvocation createFilterInvocation(String str, String str2, String str3) {
        Assert.hasText(str2, "URI required");
        return new FilterInvocation(DummyRequestCreator.createInstance(str, str3, str + str2), DUMMY_RESPONSE, DUMMY_CHAIN);
    }
}
